Nemucod Ransomware-as-a-Service Now Distributes Cerber Ransomware!

Cerber was first noticed in the first quarter of 2016 and has spread rapidly since then with the help of Ransomware-as-a-Service (RaaS). Recently, Microsoft reported that Cerber holds the top position among ransomware families, infecting thousands of systems around the world every day!

And it seems Cerber isn't going to stop, as Nemucod Ransomware-as-a-Service appears to be yet another RaaS distributing Cerber afresh! According to the Cyren blog, it might be a newer version of Cerber, or it might be freshly released using RaaS. Nemucod is a popular malware distribution tool that has already been used in the past to distribute ransomware.

Nemucod Ransomware-as-a-service for Cerber Distribution

Ransomware is distributed around the world in various ways! Nemucod seems to be the best way for Cerber ransomware, as it is a well-known malware distribution tool. Once the user installs the Cerber exe file, the ransom note appears on the victim's PC.

According to Cyren blog, “The attack is based primarily on email messages with zipped JavaScript attachments with filenames conforming to “DOC{10 digit}-PDF.js” and various invoice-related subjects.”
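A mail-gateway style check for the attachment naming described in the Cyren quote above, as an added example that is not from the original article or from Cyren. The script-extension list, the verdict labels and the function names are assumptions, and the sample zip is constructed with placeholder content.

```python
import io
import re
import zipfile

# Filename pattern quoted from the Cyren blog: DOC{10 digit}-PDF.js
NEMUCOD_NAME = re.compile(r"DOC\d{10}-PDF\.js", re.IGNORECASE)
# Script types Windows Script Host runs on double-click (assumed policy list)
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe")


def scan_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (entry_name, verdict) for every suspicious entry in a zip attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", "not-a-valid-zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Judge the base name only: entries may sit in a sub-folder.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Windows drops trailing dots and spaces, so "x.js." still opens as "x.js".
            base = base.rstrip(" .")
            if NEMUCOD_NAME.fullmatch(base):
                findings.append((info.filename, "nemucod-name-pattern"))
            elif base.lower().endswith(SCRIPT_EXTS):
                findings.append((info.filename, "script-in-zip"))
    return findings


def build_sample_zip(names: list[str]) -> bytes:
    """Constructed test input: a zip whose entries hold harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in names:
            z.writestr(name, "// placeholder, not malware\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["DOC0123456789-PDF.js", "invoice/readme.txt", "scan.wsf"])
    for name, verdict in scan_zip_attachment(sample):
        print(f"{verdict:22} {name}")
```

The name pattern alone is easy for a sender to change, which is why the broader script-in-zip verdict is reported as well.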

Cyren detected two major variants of Nemucod in its research: JS/Nemucod.GE!Eldorado and JS/Nemucod.ED1!Eldorado. Nemucod is also said to be responsible for distributing the 2nd most dangerous ransomware, Locky!

The JS/Nemucod.GE!Eldorado code, as detected, is shown in the image below.

The JS/Nemucod.ED1!Eldorado code that affects your system is shown below.

From this, it's quite clear that Nemucod Ransomware-as-a-Service will be dangerous if it causes a fresh outbreak of Cerber ransomware around the world. It's difficult to say how long this RaaS will continue, but if it continues for even 1 or 2 months, Cerber might top the ransomware family charts forever!

Hi Harsh, all my files have the extension .8908. Is there any decryptor tool available for this? My files are as they are and I haven't moved them. Do you think it would be a good idea to run some decryptors or antivirus and see whether I can get my docs back? Or shall I move the files to an external hard drive and wait for a tool to be available? My hard drive is infected but my C drive and all programs are working.

Please advise when you have the solution for Cerber 5. I have files with the extension (ao4e).